Openssl extract
Jump to navigation
Jump to search
1
Download pkcs12 for host.example.com.pfx from PKI
extract certs for pkcs12
openssl pkcs12 -in host.example.com.pfx -nocerts -nodes > entity.key openssl pkcs12 -in host.example.com.pfx -clcerts -nokeys > entity.crt openssl pkcs12 -in host.example.com.pfx -cacerts -nokeys -chain > ca.crt
append as many ca.crt files as you want for multiple root ca.
verify
openssl verify -verbose -CAfile ca.cert entity.crt curl --cacert ca.crt "https://host.example.com"